The Stuxnet virus was borne out of a Bush-era program entitled “Operation Olympic Games.” President Bush understood the need to slow down Iran’s nuclear development, but also recognized the reality that a CIA or Israeli military attack could (and likely would) devolve into an all-out armed conflict. Operation Olympic Games, however, was the most ambitious cyber operation the government had ever attempted, for two reasons. First, the scale was unprecedented: the government had launched smaller attacks on, for example, al Qaeda computer systems, but those attacks were essentially the extent of the government’s offensive cyber experience. Second, never before had the government attempted a cyber attack designed to cause actual physical damage to a facility; previous attacks had only tried to stymie computer systems.
Basically, the Stuxnet virus was designed to attack Iranian centrifuges at the Natanz plant, where Iran was enriching uranium, without the Iranians detecting, at least initially, that they were under attack. In a simplification of what occurred, the U.S. and Israeli governments obtained detailed information on the inner workings of the Natanz plant. The Iranian centrifuges depend on delicate rotors that, if sped up or slowed down too quickly, can become imbalanced and rip through the rest of the device. Once installed, the virus caused the centrifuges to malfunction while broadcasting to the monitoring systems that all was operating as normal. The Stuxnet virus caused the rotors to either speed up or slow down too quickly without tripping Iran’s security systems.
The immediate implications of the Stuxnet virus’ success were twofold. First, the virus did at least temporarily slow down Iranian nuclear development. As centrifuges began to crash, the Iranians overreacted and disabled many others, looking for faults. They also questioned the skill of some of their engineers, even going so far as to fire some of the technicians. It is impossible to say exactly how long the program was delayed by, but certainly the virus caused serious damage. Second, the U.S. government hoped to convince Israel that there were alternatives to a military attack on Iran’s nuclear facilities. Not only would a military attack likely end in war, but the Iranians would then rebuild their facilities much further underground, making them much more difficult to attack and nearly impossible to bomb. With a (hopefully) undetectable cyber attack, perhaps Iranian development could be slowed without Iranian knowledge of the attack.
Obviously, the government’s cyber attacks did not remain covert, and, as I will explain in my next post, the Stuxnet cyber attack would have implications beyond the government’s relationship with Iran.